Cisco has rolled out its biannual update bundle for its networking operating systems IOS (Internetwork Operating System) and IOS XE. The semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication arrives in March and September. This year, with the September bundle, Cisco has addressed 34 security bugs in both IOS and IOS XE. Most of these are high-severity flaws, along with some medium-severity vulnerabilities.
High-Severity Bugs In Cisco IOS and IOS XE Software
With this update bundle, Cisco has fixed multiple high-severity bugs in IOS and IOS XE listed in 25 advisories.
The most severe among them include a Web UI authorization bypass (CVE-2020-3400) and two privilege escalation flaws (CVE-2020-3141, CVE-2020-3425).
Regarding CVE-2020-3400, Cisco explained in its advisory that the flaw affects IOS XE Software and could allow an authenticated remote attacker to use parts of the web UI for which they are not authorized. As stated in the advisory:
"The vulnerability is due to insufficient authorization of web UI access requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web UI. A successful exploit could allow the attacker to utilize parts of the web UI for which they are not authorized."
The other two privilege escalation flaws affect the web management framework. As elaborated in Cisco’s advisory, exploiting them could allow an authenticated remote attacker to gain admin privileges.
Specifically, CVE-2020-3141 exists due to the absence of input and validation checking of HTTP requests to APIs, whereas CVE-2020-3425 exists due to insufficient data protection of sensitive information.
None of these vulnerabilities affect IOS, IOS XR, or NX-OS software.
Other Medium Severity Bugs
In addition to the multiple high-severity bugs, Cisco has patched some medium-severity flaws as well.
One of these is CVE-2020-3417, an arbitrary code execution flaw with a CVSS score of 6.8. Exploiting this bug could allow a local authenticated attacker to execute persistent code.
This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit this vulnerability by installing code to a specific directory in the underlying operating system (OS) and setting a specific ROMMON variable.
Cisco has asked all users to check their specific release for vulnerabilities using its software checker. Users can then update to the fixed releases accordingly.